CN111818525B - Secret key updating method and system facing space information network - Google Patents
- Publication number: CN111818525B
- Application number: CN202010671864.1A
- Authority: CN (China)
- Prior art keywords: seed key, key, matrix, preset, target
- Legal status: Active (as listed by Google Patents; not a legal conclusion)
- Classification: H04W84/06 (Airborne or Satellite Networks)
Description
Technical Field
The invention relates to the technical field of network security, and in particular to a key update method and system for space information networks.
Background
Satellite communication provides users with ubiquitous access. Whether in a city, at sea or in the desert, communication is possible anywhere within the coverage of the radio waves emitted by the satellite, without geographic restriction. In both civilian and military use, satellite communication will hold an irreplaceable position in the future. As its role in the communications field grows, new requirements are placed on its security.
At present, satellite communication security generally adopts the data encryption scheme of terrestrial communication networks: data is encrypted with a symmetric encryption system, whose security depends mainly on the security of the key. Key distribution commonly relies on encrypting the symmetric key with an asymmetric cipher. However, asymmetric encryption and decryption involve large-number arithmetic, with high algorithmic complexity and very slow speed, and distributing symmetric keys under asymmetric encryption is a complex process, so this approach is not suitable for space communication networks with constrained computing resources and high communication latency.
Summary of the Invention
In view of this, the purpose of the invention is to provide a key update method and system for space information networks, to alleviate the technical problem in the prior art that key distribution is complex.
In a first aspect, an embodiment of the invention provides a key update method for space information networks, applied to a communication satellite, comprising: generating a target session key based on the seed key before the update; obtaining a target encryption parameter, which is the encrypted parameter obtained after the ground control center corresponding to the communication satellite encrypts a seed key synchronization parameter with the target session key; decrypting the target encryption parameter with the target session key to obtain the seed key synchronization parameter; and, based on the seed key synchronization parameter, determining the updated seed key in a preset seed key matrix. The preset seed key matrix is a matrix whose elements are preset seed keys, with one matrix element corresponding to one preset seed key.
Further, generating the target session key based on the seed key before the update comprises: initializing the Zu Chongzhi (ZUC) algorithm set with the seed key before the update to obtain the initialized ZUC algorithm set; and generating the target session key with the initialized ZUC algorithm set.
Further, determining the updated seed key in the preset seed key matrix based on the seed key synchronization parameter comprises: generating a seed key pointer from the seed key synchronization parameter; determining a target matrix element in the preset seed key matrix from the seed key pointer; and taking the preset seed key corresponding to the target matrix element as the updated seed key.
Further, the method also comprises generating an initial session key, which comprises: obtaining an initial seed key synchronization parameter; generating an initial seed key pointer from the initial seed key synchronization parameter; determining an initial matrix element in the preset seed key matrix from the initial seed key pointer; taking the preset seed key corresponding to the initial matrix element as the initial seed key; and generating the initial session key from the initial seed key and the ZUC algorithm set.
Further, the method also comprises updating the preset seed key matrix.
Further, updating the preset seed key matrix comprises: obtaining a target encryption matrix element, which is the encrypted matrix element obtained after the ground control center encrypts a new preset seed key with both the preset seed key corresponding to the matrix element to be updated in the preset seed key matrix and the target session key; decrypting the target encryption matrix element, using the preset seed key corresponding to the matrix element to be updated and the target session key, to obtain the new preset seed key; and updating the preset seed key matrix by taking the new preset seed key as the matrix element to be updated.
In a second aspect, an embodiment of the invention also provides a key update system for space information networks, applied to a communication satellite, comprising a generation module, an acquisition module, a decryption module and an update module. The generation module generates a target session key based on the seed key before the update. The acquisition module obtains a target encryption parameter, which is the encrypted parameter obtained after the ground control center corresponding to the communication satellite encrypts a seed key synchronization parameter with the target session key. The decryption module decrypts the target encryption parameter with the target session key to obtain the seed key synchronization parameter. The update module determines, based on the seed key synchronization parameter, the updated seed key in a preset seed key matrix. The preset seed key matrix is a matrix whose elements are preset seed keys, with one matrix element corresponding to one preset seed key.
Further, the system also comprises a key matrix update module for updating the preset seed key matrix.
In a third aspect, an embodiment of the invention also provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, it implements the steps of the method of the first aspect.
In a fourth aspect, an embodiment of the invention also provides a computer-readable medium holding non-volatile program code executable by a processor, where the program code causes the processor to execute the method of the first aspect.
The invention provides a key update method and system for space information networks. First, a target session key is generated based on the seed key before the update and a target encryption parameter is obtained; then the target encryption parameter is decrypted with the target session key to obtain the seed key synchronization parameter; finally, based on the seed key synchronization parameter, the updated seed key is determined in the preset seed key matrix. By encrypting the seed key synchronization parameter before distributing it, and then combining the seed key synchronization parameter with the preset seed key matrix, the embodiments of the invention carry out key distribution during satellite communication in a way that ensures the security of key distribution while alleviating the technical problem in the prior art that key distribution is complex.
Description of the Drawings
To illustrate the specific embodiments of the invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the specific embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart of a key update method for space information networks provided by an embodiment of the invention;
FIG. 2 is a flowchart of a method for generating an initial session key provided by an embodiment of the invention;
FIG. 3 is a schematic diagram of a satellite communication network provided by an embodiment of the invention;
FIG. 4 is a flowchart of a session key generation method provided by an embodiment of the invention;
FIG. 5 is a flowchart of a seed key update method provided by an embodiment of the invention;
FIG. 6 is a flowchart of a seed key matrix update method provided by an embodiment of the invention;
FIG. 7 is a schematic diagram of a key update system for space information networks provided by an embodiment of the invention;
FIG. 8 is a schematic diagram of another key update system for space information networks provided by an embodiment of the invention.
Detailed Description
The technical solutions of the invention are described clearly and completely below with reference to the drawings. The described embodiments are some, but not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment 1:
FIG. 1 is a flowchart of a key update method for space information networks provided according to an embodiment of the invention. The method is applied to a communication satellite in a satellite communication network, which also includes a ground control center corresponding to the communication satellite. As shown in FIG. 1, the method comprises the following steps:
Step S102: generate a target session key based on the seed key before the update.
In this embodiment, the seed key is used to initialize the Zu Chongzhi algorithm set (the ZUC algorithm), and the seed key before the update is stored on both the communication satellite and the ground control center of the satellite communication network. Both the communication satellite and the ground control center can generate the target session key from the seed key before the update. The target session key is used to encrypt communication in the satellite communication network.
Specifically, the ZUC algorithm set is initialized with the seed key before the update to obtain the initialized ZUC algorithm set, and the initialized ZUC algorithm set is used to generate the target session key.
Step S104: obtain a target encryption parameter. The target encryption parameter is the encrypted parameter obtained after the ground control center corresponding to the communication satellite encrypts the seed key synchronization parameter with the target session key. The seed key synchronization parameter is the parameter used to update the seed key.
Step S106: decrypt the target encryption parameter with the target session key to obtain the seed key synchronization parameter.
Step S108: based on the seed key synchronization parameter, determine the updated seed key in the preset seed key matrix. The preset seed key matrix is a matrix whose elements are preset seed keys, with one matrix element corresponding to one preset seed key.
Optionally, after updating the seed key with the seed key synchronization parameter, the communication satellite may discard or revoke the seed key synchronization parameter.
The key update method for space information networks provided by this embodiment encrypts the seed key synchronization parameter before distributing it and then combines the seed key synchronization parameter with the preset seed key matrix to carry out key distribution during satellite communication, ensuring the security of key distribution while alleviating the technical problem in the prior art that key distribution is complex.
In this embodiment, before the seed key is updated, the method also includes generating an initial session key. FIG. 2 is a flowchart of a method for generating an initial session key provided according to an embodiment of the invention. This method can be applied to the communication satellite in the satellite communication network and also to the ground control center in the satellite communication network. As shown in FIG. 2, the method comprises the following steps:
Step S201: obtain the initial seed key synchronization parameter, which is a parameter preloaded into the ground control center and the communication satellite;
Step S202: generate the initial seed key pointer from the initial seed key synchronization parameter;
Step S203: determine the initial matrix element in the preset seed key matrix from the initial seed key pointer;
Step S204: take the preset seed key corresponding to the initial matrix element as the initial seed key;
Step S205: generate the initial session key from the initial seed key and the ZUC algorithm set; specifically, the initial seed key is used as the initialization parameter of the ZUC algorithm set to generate the initial session key.
Optionally, step S108 also comprises the following steps:
Step S1081: generate the seed key pointer from the seed key synchronization parameter;
Step S1082: determine the target matrix element in the preset seed key matrix from the seed key pointer;
Step S1083: take the preset seed key corresponding to the target matrix element as the updated seed key.
In this embodiment, once the target session key has been generated, each time the ground control center updates the seed key it first encrypts the new seed key synchronization parameter with the target session key and then sends the encrypted seed key synchronization parameter to the communication satellite. On receiving the ciphertext, the communication satellite can decrypt it directly with the target session key to obtain the new seed key synchronization parameter.
Optionally, the method provided by this embodiment also includes updating the preset seed key matrix, which comprises the following steps:
Step S301: obtain a target encryption matrix element, which is the encrypted matrix element obtained after the ground control center encrypts a new preset seed key with both the preset seed key corresponding to the matrix element to be updated in the preset seed key matrix and the target session key;
Step S302: decrypt the target encryption matrix element, using the preset seed key corresponding to the matrix element to be updated and the target session key, to obtain the new preset seed key;
Step S303: update the preset seed key matrix by taking the new preset seed key as the matrix element to be updated.
When the seed key matrix is updated in this embodiment, the ground control center first generates a new seed key matrix. Each new preset seed key in the new seed key matrix is encrypted with the corresponding old seed key in the old seed key matrix and with the target session key, and the resulting ciphertext is sent to the communication satellite. The communication satellite updates the elements of its seed key matrix by decrypting the ciphertext; once all elements have been updated, the seed key matrix update is complete.
The embodiments of the invention provide a key update method and system for space information networks. Building on the use of a symmetric encryption system in the satellite communication network, the distribution of symmetric keys does not depend on a traditional asymmetric encryption system, and at key update time double encryption is applied using the current seed key matrix parameters and the session key. This greatly increases the security of session key update and distribution while alleviating the technical problem in the prior art that key distribution is complex.
Embodiment 2:
This embodiment describes and explains the key update method for space information networks of Embodiment 1 using a specific satellite communication network example. The specific embodiment described here only explains the invention and does not limit it.
FIG. 3 is a schematic diagram of a satellite communication network provided according to an embodiment of the invention. As shown in FIG. 3, the satellite communication network includes a control center (NOCC), a gateway station (GW) and satellites (Satellite Network); the key distribution and update process takes place between the control center and the satellite.
The key update method for space information networks provided by this embodiment comprises session key generation, seed key update and seed key matrix update. The ZUC encryption algorithm is taken as the example symmetric encryption algorithm.
FIG. 4 is a flowchart of a session key generation method provided according to an embodiment of the invention. As shown in FIG. 4, it comprises the following steps:
Step S401: generate the seed key pointer $\{x_i, y_i\}$.
The control center and the satellite are both preloaded with the same seed key matrix and the same initial seed key synchronization parameter. The initial seed key synchronization parameter $IKEY_{ini}$ is 256 bits long; it is first split into its first 128 bits, $IKSP_1$, and its last 128 bits, $IKSP_2$.
$IKSP_1$ is used to generate the abscissa $x_i$ of the pointer: $IKSP_1$ is divided into 32 blocks of 4 bits each, $IKSP_1[0]$, $IKSP_1[1]$, ..., $IKSP_1[31]$. All 32 blocks are then XORed together to obtain a 4-bit result, which is converted to decimal to give the abscissa $x_i$.
The ordinate $y_i$ of the pointer is generated in the same way. This yields the seed key pointer $\{x_i, y_i\}$, which indicates the seed key used to encrypt the current session.
Step S402: select the seed key.
According to the generated seed key pointer $\{x_i, y_i\}$, the corresponding seed key $IK_i$ is selected from the 16×16 seed key matrix $Matrix[x_i, y_i]$ and output; it can serve as the seed key for ZUC stream cipher encryption. Here,  is the seed key.
Step S403: generate the session key $K_s$.
The seed key IK is 256 bits long; it is taken as the initialization parameter of the ZUC stream cipher algorithm, and with it as input the session key $K_s$ is obtained.
FIG. 5 is a flowchart of a seed key update method provided according to an embodiment of the invention. As shown in FIG. 5, it comprises:
The control center selects a new seed key $IK_i$ and converts the position of $IK_i$ in the seed key matrix from the decimal seed key pointer $\{x_i, y_i\}$ into the binary seed key synchronization parameter $IKEY_i$; it encrypts $IKEY_i$ directly with the session key $K_s$ to obtain the ciphertext C, and sends C to the satellite through the gateway station.
The satellite decrypts the ciphertext C with the session key $K_s$ to obtain the seed key synchronization parameter $IKEY_i$, uses $IKEY_i$ to generate the seed key pointer $\{x_i, y_i\}$, and can then select the new seed key $IK_i$ in the seed key matrix $Matrix[x_i, y_i]$.
The encryption process for the seed key synchronization parameter $IKEY_i$ is described as follows:
FIG. 6 is a flowchart of a seed key matrix update method provided according to an embodiment of the invention. As shown in FIG. 6, it comprises:
The control center generates a new seed key matrix $Matrix[IK_i]$, encrypts the seed keys $IK_i$ in it one after another and sends them to the satellite. The satellite decrypts each to obtain the new seed key $IK_i$ and updates the elements of its seed key matrix in turn. This process is repeated until the update of the satellite's seed key matrix is complete.
Specifically, the control center uses the seed key  in the old seed key matrix to encrypt the seed key $IK_i$ at the corresponding position in the new seed key matrix, and then encrypts a second time with the session key $K_s$ to obtain the ciphertext $C_i$ of the seed key $IK_i$. The encryption process for the seed key $IK_i$ is described as follows:
The ciphertext $C_i$ is sent to the satellite, which can decrypt it with the session key $K_s$ and the corresponding old seed key  in its seed key matrix to obtain the new seed key $IK_i$; the satellite then uses $IK_i$ as the new seed key to replace the corresponding old seed key  in the seed key matrix.
The encryption algorithms used in the embodiments described above are published encryption standards and are not within the scope of protection of the invention.
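The pointer derivation of step S401, the seed key update of FIG. 5 and the double-encrypted matrix update of FIG. 6 can be exercised end to end with the sketch below, an added example that is not code from the patent. ZUC is not in the Python standard library, so a SHAKE-256 keystream stands in for it. Assumptions not stated on the page: all function and class names, the 32-byte session key, a random 16-byte IV sent with each ciphertext, row-major sending order for the matrix, and the way `ikey_for_pointer` builds a 256-bit parameter for a chosen position.

```python
import hashlib
import secrets

N = 16  # the page's seed key matrix is 16 x 16, each element a 256-bit seed key


def fold_nibbles(half):
    """XOR the 32 four-bit blocks of a 128-bit half into one coordinate 0..15."""
    if len(half) != 16:
        raise ValueError("expected 128 bits")
    acc = 0
    for byte in half:
        acc ^= (byte >> 4) ^ (byte & 0x0F)
    return acc


def pointer_from_ikey(ikey):
    """Seed key pointer {x, y}: x from the first 128 bits, y from the last 128."""
    if len(ikey) != 32:
        raise ValueError("expected 256 bits")
    return fold_nibbles(ikey[:16]), fold_nibbles(ikey[16:])


def ikey_for_pointer(x, y):
    """Assumed inverse: a random 256-bit parameter that folds to the chosen (x, y)."""
    out = b""
    for target in (x, y):
        if not 0 <= target < N:
            raise ValueError("coordinate out of range")
        half = bytearray(secrets.token_bytes(16))
        half[15] &= 0xF0                                # clear the last 4-bit block
        half[15] |= fold_nibbles(bytes(half)) ^ target  # set it so the fold equals target
        out += bytes(half)
    return out


def stream_xor(key, iv, data):
    """STAND-IN for ZUC encryption/decryption: XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(b"ks" + key + iv).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def session_key(seed):
    """STAND-IN for 'initialise ZUC with the seed key to get K_s' (length assumed)."""
    return hashlib.shake_256(b"session" + seed).digest(32)


class Node:
    """State that the control centre and the satellite hold identically."""

    def __init__(self, matrix, ikey_ini):
        self.matrix = [row[:] for row in matrix]
        self.load_seed(ikey_ini)

    def load_seed(self, ikey):
        x, y = pointer_from_ikey(ikey)
        self.seed = self.matrix[x][y]      # select IK_i at Matrix[x_i, y_i]
        self.ks = session_key(self.seed)   # derive K_s from it


def send_seed_update(centre, x, y):
    """Control centre: encrypt IKEY_i under the current K_s, then switch seed."""
    ikey = ikey_for_pointer(x, y)
    iv = secrets.token_bytes(16)
    message = (iv, stream_xor(centre.ks, iv, ikey))
    centre.load_seed(ikey)
    return message


def receive_seed_update(satellite, message):
    """Satellite: decrypt with the current K_s, rebuild the pointer, switch seed."""
    iv, ciphertext = message
    satellite.load_seed(stream_xor(satellite.ks, iv, ciphertext))


def send_matrix_update(centre, new_matrix):
    """Control centre: encrypt each new seed with the old seed at the same
    position, then a second time with K_s."""
    messages = []
    for x in range(N):
        for y in range(N):
            iv = secrets.token_bytes(16)
            inner = stream_xor(centre.matrix[x][y], iv, new_matrix[x][y])
            messages.append((iv, stream_xor(centre.ks, iv, inner)))
    centre.matrix = [row[:] for row in new_matrix]
    return messages


def receive_matrix_update(satellite, messages):
    """Satellite: undo K_s, then the old seed, replacing elements in sending order."""
    for index, (iv, ciphertext) in enumerate(messages):
        x, y = divmod(index, N)
        inner = stream_xor(satellite.ks, iv, ciphertext)
        satellite.matrix[x][y] = stream_xor(satellite.matrix[x][y], iv, inner)


def random_matrix():
    return [[secrets.token_bytes(32) for _ in range(N)] for _ in range(N)]


def demo():
    matrix = random_matrix()              # constructed sample matrix
    ikey_ini = secrets.token_bytes(32)    # constructed initial parameter
    centre, satellite = Node(matrix, ikey_ini), Node(matrix, ikey_ini)
    receive_seed_update(satellite, send_seed_update(centre, 3, 12))
    seed_ok = satellite.seed == centre.seed == matrix[3][12]
    receive_matrix_update(satellite, send_matrix_update(centre, random_matrix()))
    return seed_ok, satellite.matrix == centre.matrix, satellite.ks == centre.ks


if __name__ == "__main__":
    print(demo())
```

Every 256-bit synchronization parameter resolves to one of only 256 matrix positions, so the secrecy of the seed keys depends on protecting the matrix contents on both the satellite and the control center.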
实施例三:Embodiment three:
图7是根据本发明实施例提供的一种面向空间信息网络的密钥更新系统的示意图,该系统应用于通信卫星。如图7所示,该系统包括:生成模块10,获取模块20,解密模块30和更新模块40。FIG. 7 is a schematic diagram of a key update system for a space information network provided according to an embodiment of the present invention, and the system is applied to a communication satellite. As shown in FIG. 7 , the system includes: a generation module 10 , an acquisition module 20 , a decryption module 30 and an update module 40 .
具体地,生成模块10,用于基于更新之前的种子密钥,生成目标会话密钥。Specifically, the generating module 10 is configured to generate the target session key based on the seed key before updating.
获取模块20,用于获取目标加密参数;目标加密参数为通信卫星对应的地面控制中心利用目标会话密钥,对种子密钥同步参数进行加密之后所得到加密参数。The obtaining module 20 is used for obtaining the target encryption parameter; the target encryption parameter is the encryption parameter obtained after the ground control center corresponding to the communication satellite uses the target session key to encrypt the seed key synchronization parameter.
解密模块30,用于利用目标会话密钥对目标加密参数进行解密,得到种子密钥同步参数。The decryption module 30 is used for decrypting the target encryption parameter by using the target session key to obtain the seed key synchronization parameter.
更新模块40,用于基于种子密钥同步参数,在预设种子密钥矩阵中确定更新之后的种子密钥;预设种子密钥矩阵为以预设种子密钥为矩阵元所构成的矩阵,其中,一个矩阵元对应一个预设种子密钥。The updating module 40 is configured to determine the updated seed key in the preset seed key matrix based on the seed key synchronization parameter; the preset seed key matrix is a matrix formed by using the preset seed key as matrix elements, Among them, one matrix element corresponds to a preset seed key.
本发明实施例提供的一种面向空间信息网络的密钥更新系统,通过对种子密钥同步参数进行加密之后分发,然后利用种子密钥同步参数结合预设种子密钥矩阵的方式,实现在卫星通信过程中的密钥分发过程,在保证了密钥分发安全性的同时,缓解了现有技术中存在的密钥的分发方式复杂的技术问题。A key update system oriented to a space information network provided by an embodiment of the present invention encrypts the seed key synchronization parameters and distributes them, and then uses the seed key synchronization parameters in combination with a preset seed key matrix to realize the satellite key synchronization parameters. The key distribution process in the communication process not only ensures the security of key distribution, but also alleviates the technical problem of complex key distribution methods existing in the prior art.
可选地,图8是根据本发明实施例提供的另一种面向空间信息网络的密钥更新系统的示意图,如图8所示,该系统还包括:密钥矩阵更新模块50,用于更新预设种子密钥矩阵。Optionally, FIG. 8 is a schematic diagram of another key update system oriented to a spatial information network provided according to an embodiment of the present invention. As shown in FIG. 8 , the system further includes: a key matrix update module 50 for updating Preset seed key matrix.
具体地,密钥矩阵更新模块50还用于:Specifically, the key matrix update module 50 is also used for:
获取目标加密矩阵元;目标加密矩阵元为地面控制中心,利用预设种子密钥矩阵中的待更新矩阵元所对应的预设种子密钥和目标会话密钥,对新预设种子密钥进行加密之后所得到的加密矩阵元;基于待更新矩阵元所对应的预设种子密钥和目标会话密钥,对目标加密矩阵元进行解密,得到新预设种子密钥;将新预设种子密钥作为待更新矩阵元,更新预设种子密钥矩阵。Obtain the target encryption matrix element; the target encryption matrix element is the ground control center, and use the preset seed key and the target session key corresponding to the matrix element to be updated in the preset seed key matrix to perform a new preset seed key. The encryption matrix element obtained after encryption; based on the preset seed key corresponding to the matrix element to be updated and the target session key, decrypt the target encryption matrix element to obtain a new preset seed key; encrypt the new preset seed The key is used as the matrix element to be updated, and the preset seed key matrix is updated.
An embodiment of the present invention further provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method of Embodiment 1 above when executing the computer program.
An embodiment of the present invention further provides a computer-readable medium carrying non-volatile program code executable by a processor, where the program code causes the processor to execute the method of Embodiment 1 above.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010671864.1A CN111818525B (en) | 2020-07-13 | 2020-07-13 | Secret key updating method and system facing space information network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010671864.1A CN111818525B (en) | 2020-07-13 | 2020-07-13 | Secret key updating method and system facing space information network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111818525A (en) | 2020-10-23 |
CN111818525B (en) | 2021-10-26 |
Family
ID=72843148
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010671864.1A Active CN111818525B (en) | 2020-07-13 | 2020-07-13 | Secret key updating method and system facing space information network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111818525B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12255999B2 (en) * | 2021-02-18 | 2025-03-18 | Spideroak, Inc. | Secure orbit communication |
CN118801966B (en) * | 2024-07-19 | 2024-12-17 | 中国电子信息产业集团有限公司第六研究所 | Satellite parameter updating system and method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015194866A1 (en) * | 2014-06-17 | 2015-12-23 | (주)유진로봇 | Device and method for recognizing location of mobile robot by means of edge-based readjustment |
CN105634738A (en) * | 2014-11-05 | 2016-06-01 | 北京握奇智能科技有限公司 | Method and system for updating dynamic token parameter |
CN109218266A (en) * | 2017-07-04 | 2019-01-15 | 百度在线网络技术(北京)有限公司 | Travelling data acquisition methods and device |
CN109474425A (en) * | 2018-12-25 | 2019-03-15 | 国科量子通信网络有限公司 | A method for obtaining a derivation key of arbitrary specified length based on multiple shared keys |
CN110062941A (en) * | 2016-12-20 | 2019-07-26 | 日本电信电话株式会社 | Message transmission system, communication terminal, server unit, message method and program |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111132153B (en) * | 2019-12-19 | 2021-07-09 | 中山大学 | An Endogenous Secure Communication Method Based on Wireless Channel Characteristics |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||